The Office of the Comptroller of the Currency, or OCC, has adopted guidelines, issued as an appendix to its safety and soundness standards regulations, establishing minimum standards for the design and implementation of a risk governance framework (Framework) for large insured national banks, insured Federal savings associations, and insured Federal branches of foreign banks (banks) with average total consolidated assets of $50 billion or more and minimum standards for a board of directors in overseeing the Framework’s design and implementation (final Guidelines). The standards contained in the final Guidelines are enforceable by the terms of a Federal statute that authorizes the OCC to prescribe operational and managerial standards for national banks and Federal savings associations.
The final Guidelines consist of three sections:
Section I provides an introduction to the Guidelines, explains the scope of the Guidelines, and defines key terms used throughout the Guidelines.
Section II sets forth the minimum standards for the design and implementation of a covered bank’s Framework.
Section III provides the minimum standards for the board of directors’ oversight of the Framework.
Set forth below are some highlights on Section III of the Guidelines.
Effective Risk Governance Framework
Concern was expressed with respect Section III of the draft guidelines about use of the terms “duty” and “ensure.” The OCC did not intend to impose managerial responsibilities on the board of directors, or suggest that the board must guarantee results under the Framework. Accordingly, consistent with commenter suggestions, the final Guidelines provide that the board of directors should require management to establish and implement an effective Framework that meets the minimum standards described in the Guidelines. The OCC believes that this revision aligns the board of directors’ responsibilities under this paragraph with their traditional strategic and oversight role.
Provide Active Oversight of Management
Paragraph B. of section III of the proposed Guidelines provided that the board of directors should actively oversee the bank’s risk-taking activities and hold management accountable for adhering to the Framework. The proposed Guidelines also provided that the board of directors should question, challenge, and, when necessary, oppose management’s proposed actions that could cause the bank’s risk profile to exceed its risk appetite or threaten the bank’s safety and soundness.
Commenters expressed concern that these provisions would promote confrontation between the board of directors and bank management at board meetings. Some commenters argued that this would deter open and candid dialogue between the board of directors and bank management, and that emphasizing board opposition will detract from determining how active the board is in overseeing management actions.
Some commenters also argued that the board of directors’ oversight of management should not be characterized as “active” because it implies that board members are implementing and assuming management functions.
The final Guidelines continue to provide that a covered bank’s board of directors should actively oversee the covered bank’s risk-taking activities and hold management accountable for adhering to the Framework. The OCC believes that it is important for the board of directors to understand a covered bank’s risk-taking activities and to be engaged in providing oversight to these activities. The final Guidelines clarify that the board of directors provides active oversight by relying on risk assessments and reports prepared by independent risk management and internal audit. Therefore, the final Guidelines do not contemplate that the board of directors will assume managerial responsibilities in providing active oversight of management—instead, the board is permitted to rely on independent risk management and internal audit to meet its responsibilities under this paragraph.
The final Guidelines continue to articulate the OCC’s expectation that the board of directors should provide a credible challenge to management. The OCC believes that a board of directors will be able to provide this challenge if its members have a comprehensive understanding of the covered bank’s risk-taking activities.
The OCC believes that the capacity to dedicate sufficient time and energy in reviewing information and developing an understanding of the key issues related to a covered bank’s risk-taking activities is a critical prerequisite to being an effective director. Informed directors are well-positioned to engage in substantive discussions with management wherein the board of directors provides approval to management, requests guidance to clarify areas of uncertainty, and prudently questions the propriety of strategic initiatives. Therefore, the final Guidelines continue to provide that the board of directors, in reliance on information it receives from independent risk management and internal audit, should question, challenge, and when necessary, oppose recommendations and decisions made by management that could cause the covered bank’s risk profile to exceed its risk appetite or jeopardize the safety and soundness of the covered bank.
The OCC does not intend this standard to become a compliance exercise for the covered bank, or lead to scripted meetings between the board of directors and management. Instead, the OCC intends to assess compliance with this standard primarily by engaging OCC examiners in frequent conversations with directors. Likewise, the OCC does not expect the board of directors to evidence opposition to management during each board meeting. Instead, the OCC emphasizes that the board of directors should oppose management’s recommendations and decisions only when necessary.
Section III of the Guidelines also provide:
A director should exercise sound, independent judgment.
Covered banks must have at least two independent board members.
Certain training of directors is required.
The bank’s board of directors should conduct an annual self-assessment that includes an evaluation of the board’s effectiveness in meeting the standards provided in section III of the Guidelines.